Strategic risk:

A cornerstone of risk transformation

Strategic risks can do serious damage to an organization, very quickly. These risks can compromise supply chains, facilities, technology, talent, capital, reputation, and basic drivers of value. Yet they fall outside most enterprise risk management (ERM) programs and are difficult to quantify, monitor, and manage. To address these risks, leaders need new perspectives and approaches. They need tools for scanning the environment, tracking developments, and visualizing risk data. And they need to prepare effective responses, because responsibility for strategic risks resides at the C-suite and board levels.

Explore Content

Risk transformation can enable a company to elevate risk management from a functional capability to an enterprise responsibility that permeates the entire organization. When that happens, risk is no longer seen as the domain of only the risk management function. Instead, every business, function, and individual becomes accountable for and capable of addressing the risks within their purview. This enables the organization to more effectively implement strategies and achieve goals while addressing risks and complying with regulations.

This publication outlines challenges and methods of implementing transformation of strategic risk, and explores steps to elevate risk as a means of powering performance enterprise-wide. Learn more about:

Strategic risks and “value killer” risks, and why they are difficult to identify, measure, and manage

How risk sensing and other technologies can assist organizations in detecting and tracking strategic risks

Why preparing responses to strategic risk events is useful, even though the actual events can rarely be predicted

Why simply meeting regulatory requirements or confining risk management to the function with that name leaves a company exposed

The roles of the business units, risk management, and internal audit in risk transformation

As this publication explains, customers, investors, regulators, and other stakeholders do not expect management and the board to predict future events. But they do expect them to prepare the organization to recognize and respond to strategic risk events.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see About Deloitte to learn more about our global network of member firms.